Title :
Hamming Masks: Toward defending constrained networked systems
Author :
Jurik, A.D. ; Hutton, S.T. ; Tarr, J.A.
Author_Institution :
Appl. Phys. Lab., Johns Hopkins Univ., Laurel, MD, USA
Date :
Oct. 29 2012-Nov. 1 2012
Abstract :
The ability of intrusion detection systems to identify anomalous behavior successfully has lagged behind their ability to recognize activity based on signatures. Anomaly detection techniques for enterprises typically use statistical traffic models to accommodate varying network traffic profiles and limit the volume of false alerts. We offer a set of characteristics to identify constrained networked systems in which we hypothesize that anomaly detection techniques are well suited and useful. We offer a specific, concrete approach, Hamming Masks, for identifying expected behavior in a constrained networked system and recognizing unexpected behavior. We demonstrate the applicability of Hamming Masks for two different data sets and find that the distinctions between the enterprise data set and the constrained networked system data set are large.
Keywords :
military communication; security of data; telecommunication security; Hamming masks; anomalous behavior; anomaly detection; constrained networked system data set; enterprise data set; intrusion detection system; network traffic profiles; statistical traffic model; IP networks; Intrusion detection; Machine learning; Payloads; Protocols; Telecommunication traffic; Anomaly detection; Hamming Masks; constrained networked systems; intrusion detection; system security;
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012
Conference_Location :
Orlando, FL
Print_ISBN :
978-1-4673-1729-0
DOI :
10.1109/MILCOM.2012.6415796